IT Risk Engineer

ING Hubs Philippines (ING Hubs PH) is an international part of the ING organization delivering services to many Business Units across the world for both Wholesale Banking and Retail Banking activities. Working for ING Hubs PH means working with the most diverse workforce and where no challenge is the same.

At ING our purpose is to empower people to stay a step ahead in life and business. We believe that sustainable progress is driven by people with the imagination and determination to make a better future for themselves and those around them.

ING is changing what banking is. For you, that means plenty of opportunities for personal growth in a continuously evolving environment. If this is the environment you thrive in, then apply and join us in changing the future of banking!

Job Overview

As an IT RiskEngineer will be part of the Financial Markets domain.

You will help on risk subjects like:

Act as a central SPOC for all incoming IT risk assessments and control evidencing requirements adhering the established control framework, SOx requirements and industry best practices.
Monitoring, tracking and managing deviations to established IT Risk controls.
Mediating between 1st LOD/2nd LOD and DevOps teams.
Conducting walkthroughs with auditors to review and validate IT Risk control processes.
Lead technical due diligence sessions with third party vendors.

You will work in an agile environment, following Scrum methodology together with DevOps squads, helping to maintain a safe and secure application.

Key Responsibilities

Your primary mission is to help the squads to implement IT Controls and to prove the controls are implemented effectively:

ensure we are in control of our risk appetite
define and document adequate risk processes and collect the evidences in regards; make sure that the different risk parties agree with the evidences
responsible for creating documents and project management requirements or specifications

provide documentation support to the technical team; interface with developers and operation engineers to define the specifications
liaison between the team and other IT Risk professionals
understand the need for security and apply it using the existing framework; constant communication about changes
participate in automation program for process and evidence for IT risk

show proactivity and flexibility, come up with plans of action and adapt approaches if necessary
understand the corporate climate and culture and act as an ambassador; IT custodianship/asset owner role.

Key Capabilities and Experience

Capabilities:

Mandatory:

Ability to understand the risk processes in an IT environment Experience with IT risk standards Ability to make clear and convincing statements related to risk procedures Proven planning and organizing experience

Nice to have:

Project management experience. Ability to track, plan and coordinate projects related to third party risk management, technical compliance, and/or IT risk automation. Experience in working with Dev(Sec)Ops teams across vulnerability management, threat hunting, security detection and response and developing, or contributing to information security policies and procedures.3. Knowledge of Agile methodology

Education: nice to have Bachelor’s Degree (or higher) in an IT related field.

Experience:

Degree and/or experience in IT risk management, cybersecurity, or related field.

Understanding of fundamental IT risk and security concepts and ability to think critically across technical control domains.

Knowledge of IT control frameworks (eg. SOX, GDPR, CSA CCM) and industry standards (eg. ISO2700x, NIST).

Proven track record of conducting IT control evidencing, qualitative risk assessments and developing mitigation strategies.

Risk reporting and communication:

• ability to communicate risk-related concepts to technical stakeholders.

• experience in liaising with second line risk functions.

• strong written and verbal communications skills in English.

Certifications such as CISSP, CISM, CRISC or equivalent are a plus.

IT Risk Engineer

Job Overview

As an IT RiskEngineer will be part of the Financial Markets domain.

You will help on risk subjects like:

Act as a central SPOC for all incoming IT risk assessments and control evidencing requirements adhering the established control framework, SOx requirements and industry best practices.
Monitoring, tracking and managing deviations to established IT Risk controls.
Mediating between 1st LOD/2nd LOD and DevOps teams.
Conducting walkthroughs with auditors to review and validate IT Risk control processes.
Lead technical due diligence sessions with third party vendors.

You will work in an agile environment, following Scrum methodology together with DevOps squads, helping to maintain a safe and secure application.

Key Responsibilities

Your primary mission is to help the squads to implement IT Controls and to prove the controls are implemented effectively:

ensure we are in control of our risk appetite
define and document adequate risk processes and collect the evidences in regards; make sure that the different risk parties agree with the evidences
responsible for creating documents and project management requirements or specifications

provide documentation support to the technical team; interface with developers and operation engineers to define the specifications
liaison between the team and other IT Risk professionals
understand the need for security and apply it using the existing framework; constant communication about changes
participate in automation program for process and evidence for IT risk

show proactivity and flexibility, come up with plans of action and adapt approaches if necessary
understand the corporate climate and culture and act as an ambassador; IT custodianship/asset owner role.

Key Capabilities and Experience

Capabilities:

Mandatory:

Nice to have:

Education: nice to have Bachelor’s Degree (or higher) in an IT related field.

Experience:

Degree and/or experience in IT risk management, cybersecurity, or related field.

Understanding of fundamental IT risk and security concepts and ability to think critically across technical control domains.

Knowledge of IT control frameworks (eg. SOX, GDPR, CSA CCM) and industry standards (eg. ISO2700x, NIST).

Proven track record of conducting IT control evidencing, qualitative risk assessments and developing mitigation strategies.

Risk reporting and communication:

• ability to communicate risk-related concepts to technical stakeholders.

• experience in liaising with second line risk functions.

• strong written and verbal communications skills in English.

Certifications such as CISSP, CISM, CRISC or equivalent are a plus.

IT Risk Engineer

IT Risk Engineer

IT Risk Engineer

Location

Workplace

Type

Posted

Website

Similar Jobs

Company

For job seekers

For companies

Cyber Security jobs

IT Risk Engineer

IT Risk Engineer

IT Risk Engineer

Location

Workplace

Type

Posted

Website

Similar Jobs

IT Risk Engineer

Cyber Security Architecture & Engineering - Business Risk & Control Oversight Senior Analyst

Senior Business Information Risk Manager, InfoSec & Security Engineering

Team Lead - Senior Cybersecurity Engineer

Risk Manager (Technology Operations)

Senior Cybersecurity Engineer

Security Engineer 2

AWS Systems Security Engineer , AWS Trust & Safety

Classified Systems Cybersecurity Engineer, Lead

Cyber Defense Specialist